Cyber attacks against the education sector continue to be a serious issue; we've seen attacks on colleges, universities, primary schools and secondary schools across the region.
Cyber attacks affect these institutions differently, with some schools experiencing more severe consequences than others. The higher education sector is vulnerable to various threats, including phishing, malware, and impersonation. These threats pose significant risks and can lead to serious consequences if not addressed promptly.
The 2023 Cyber Security Breaches Survey showed that 85% of university institutions had identified a breach or attack in the last 12 months, making them the most affected within the education sector.
Why do criminals target the education sector?
Every school holds valuable information just like any business; this information could be student medical records, parent's contact details, bank details, exam grades and teacher's personal information. This information is valuable as the criminals behind the attack can publicly leak the data online or sell the data to cybercriminal forums and dark web marketplaces for additional revenue.
The education sector is often seen as an easy target since schools and universities typically have limited budgets for cybersecurity and may not have the resources to protect themselves against cyber attacks adequately. Criminals may exploit vulnerabilities in the system, such as outdated software, weak passwords, or unsecured networks.
“The support staff salaries are going up. National Living Wage is going up. We’re going to have to find the money to do that, and that’ll come from all the other budgets. The roof is leaking. The fuel bills are huge. We just can’t even begin to look at cyber security now. Because it’s one of the costliest things, IT is the first to go.” – Primary school (2023 Cyber Security Breaches Survey)
Disrupting schools' operations can cause significant disruption to students' learning, research, and other academic activities, leading to potential financial losses and reputational damage. For these reasons, cybercriminals may see the education sector as an attractive target for their illegal activities.
Nurseries and Childminders are also appealing targets; a recent report found that one in four nurseries has experienced a data breach in the last 12 months.
The 2023 Cyber Security Breaches Survey showed:
The percentage of organisations that have identified breaches or attacks in the last 12 months; the lowest was 41% for Primary Schools, rising to 63% for Secondary schools and 82% for colleges.
Half of universities reported experiencing breaches or attacks at least weekly.
Phishing Attacks on schools and colleges remain the most popular method of attack, with 84% of Primary Schools, 86% of Secondary schools and 92% of colleges experiencing phishing attacks in the last 12 months.
How can the North West Cyber Resilience Centre help my School/College/University?
To help the education sector (schools, colleges and universities) to outsmart cybercriminals and toughen up their cyber security, we suggest you complete our Cyber Health Check.
Designed in collaboration with Police and ISO accredited Risk Managers, our Cyber Health Check will provide your school/college/university with a summary of your Cyber Risks and an action plan to help protect you against the latest cyber threats.
Our Cyber Health Check report may suggest you should look into an annual vulnerability assessment of your network, offer security awareness training to your staff and test them through a simulated phishing exercise.
“The ongoing focus is on the people and the training. Those are areas where we can have a big impact, rather than just putting money into the technology and systems.“ – University (2023 Cyber Security Breaches Survey)
We encourage schools, colleges and universities in the North West to sign up for free Membership and download practical resources and tools to help you identify your risks and vulnerabilities. Through our membership, you will also get regular updates on new threats and can train your staff and help them to integrate security measures into your organisation.
